Hull & P&I

Aquaculture

Angling Lakes

Privacy Policy

Your personal privacy is of paramount importance to us at the North Group.

This privacy notice is intended to provide you with details of how we collect and use your personal data, as well as explaining your rights as a data subject, in accordance with UK Data Protection Legislation and Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (General Data Protection Regulation “GDPR”) .

Under the EU’s General Data Protection Regulation personal data is defined as: ‘Any information relating to an identified or identifiable natural person’

(Collectively referred to as the: North Group; we; us). Our contact details can be found here.

Who is our Data Protection Officer?

Our Data Protection Officer is the Head of Group Compliance, who can be contacted at DPO@nepia.com or telephone on 0191 232 5221.

1. What information do we collect about you?

As part of providing services to you we may collect personal data and special category data:

As a broker, intermediary or agent

For individuals who are employed or associated with a broker, intermediary, or agent

Personal data:

Names and titles

Address

Email address

Business contact details

Passport details

Bank account details

We need to collect this personal data from you to help in the administration of insurance contracts underwritten by us. In some cases we need to collect this personal data for relationship management purposes, to make payment of invoices and in the legitimate interests of our business.

In accordance with the regulation we have established the following lawful reasons for the processing of this data.

Necessary for the performance of a contract which you are a party to; or

Necessary for the compliance with a legal obligation to which the Group are subject; or

Necessary for the purposes of the legitimate interests pursued by us in relation to the performance of insurance business, business development , relationship management purposes and keeping our records up to date.

We may also collect information from credit reference and fraud prevention agencies, and via insurance industry fraud prevention and detection databases and sanctions screening tools.

We may combine this with the information provided by you.

As a current and prospective member, or policyholder, or an individual associated with a member or policyholder; such as a skipper, crew member or ship owner

For current and prospective members, policyholders or an individual associated with a member or policyholder; such as a skipper, crew member or ship owner we may collect the following information:

Personal data:

Names and titles

Address

Email address

Date of birth

Bank account details

Passport details

Visa details

Identification number

Details of criminal convictions and offences

Special category data

Details of illnesses or injuries, medical reports

We need to collect this personal data from you, including information about your health or criminal records, to enable us to enter into or perform insurance contracts underwritten by us or otherwise to comply with legal obligations in relation to our insurance business. In some cases we need to collect this personal data for relationship management purposes, to make payment of invoices and in the legitimate interests of our business.

In accordance with the regulation we have established the following lawful reasons for the processing of this data.

In some instances you will have provided your consent to the collection and sharing of this information.

Necessary for the performance of a contract which you are a party to; or

Necessary for the compliance with a legal obligation to which the Group are subject; or

Necessary in order to protect the vital interests of the data subject or of another natural person; or

Necessary for the purposes of the legitimate interests pursued by us in relation to fully assessing the insurance cover being provided, relationship management purposes, and keeping our records up to date.

Where we are required to collect and process personal data about you in relation to an insurance contract to which you are being provided insurance cover, but you are not a party to the insurance contract, for example an accident and sickness policy, this is necessary to enable us to perform insurance contracts we have entered into in the legitimate interests of our business.

Special category and criminal conviction data

The Data Protection Act 2018 allows for the processing of special category and criminal conviction data for an insurance purpose, in accordance with Sch1, part 2, paragraph 20, this includes:

The processing of such data for advising on , arranging, underwriting or administering of an insurance contract

Administering a claim under an insurance contract

Exercising a right, or complying with an obligation, arising in connection with an insurance contract, including a right or obligation arising under an enactment or rule of law.

This is to the extent that the processing is not carried out for the purposes of measures or decisions with respect to the data subject and the data subject does not have and is not expected to acquire

Rights against, or obligations in relation to, a person who is an insured person under an insurance contract to which the insurance purpose relates, or

other rights or obligations in connection with such a contract.

The above information may also be provided to us from brokers, agents, intermediaries, correspondents, surveyors and professional advisors.

We may also collect information from publicly available sources, such as Companies House, credit reference and fraud prevention agencies, and via insurance industry fraud prevention and detection databases and sanctions screening tools.

We may combine this with the information provided by you.

As an individual involved in a claim, either as a member, policyholder, or an individual benefitting from a member or policyholder’s policy and any other interested party

As an individual involved in a claim, either as a member, policyholder, interested party or an individual benefiting from a member or policyholder’s policy we may collect the following information:

Personal data:

Name

Address

Date of birth

Identification number

Bank account details

Passport details

Visa details

Wedding and birth certificates

Travel documentation

Details of criminal convictions and offences

Special category data

Medical reports

We need to collect this personal data from you, including information about your health or criminal records, to enable us to deal with the administration, processing, handling and settlement of claims made in respect of an insurance contract underwritten by us, and or to comply with legal obligations in relation to our insurance business. This personal data may also in some instances be necessary for the establishment, exercise or defence of legal claims.

In accordance with the regulation we have established the following lawful reasons for the processing of this data.

In some instances you will have provided your consent to the collection and sharing of this information.

Necessary for the performance of a contract which you are a party to; or

Necessary for the compliance with a legal obligation to which the Group are subject; or

Necessary to protect the vital interest of you or another person; or

Necessary for the establishment, exercise or defence of a legal claim; or

Necessary for the purposes of the legitimate interests pursued by us in relation to the performance of insurance business, in particular the handling of claims.

Special category and criminal conviction data

Data Protection Legislation allows for the processing of special category and criminal conviction datafor an insurance purpose, this includes:

The processing of such data for advising on , arranging, underwriting or administering of an insurance contract

Administering a claim under an insurance contract

Furthermore North will process special category data where the purpose of the processing is to either prevent fraud or report suspicions of terrorist financing or money laundering (See Schedule 1, paragraphs 14 and 15 of the Data Protection Act 2018.

The above information may also be provided to us from brokers, agents, intermediaries, correspondents, surveyors and professional advisors.

We may also collect information from credit reference and fraud prevention agencies, and via insurance industry fraud prevention and detection databases and sanctions screening tools.

We may combine this with the information provided by you.

Correspondent, Surveyor or Professional advisors

For individuals who are employed or associated with correspondents, surveyors or professional advisors we may collect the following information:

Name and titles

Address

Curriculum vitae

Email address

Business contact details

Passport details

Bank account details

We need to collect this personal data from you to help in the administration of insurance contracts underwritten by us. In some cases we need to collect this personal data for relationship management purposes, to make payment of invoices and in the legitimate interests of our business.

In accordance with the regulation we have established the following lawful reasons for the processing of this data.

Necessary for the performance of a contract which you are a party to; or

Necessary for the compliance with a legal obligation to which the Group are subject; or

Necessary for the purposes of the legitimate interests pursued by us in relation to the processing of current or future claims and or the development of a business relationship.

We may also collect information from credit reference and fraud prevention agencies, and via insurance industry fraud prevention and detection databases and sanctions screening tools.

We may combine this with the information provided by you.

As an individual who currently receives or wishes to receive communications and updates from us

For Individuals who currently receive or wish to receive communications and updates from the North Group we may collect the following information:

Name

Address

Email address

Contact details

We need to collect this personal data from you to enable us to provide the required statutory communications to North Group members, and in other cases for the purposes of business development and on-going management and development of business relationships.

In accordance with the regulation we have established the following lawful reasons for the processing of this data.

Necessary for the compliance with a legal obligation to provide statutory communications; or

Necessary for the purposes of the legitimate interests pursued by us for relationship management, business development, providing information and best practice in relation to loss prevention and ensuring that our communications are appropriately targeted to our audience.

As an individual undertaking training and associated loss prevention activities organised or provided by us

For individuals who wish to receive training organised by us we may collect the following information:

Name

Address

Date of birth

Email address

Contact details

Passport details

We need to collect this personal data from you to be able to arrange the training event and to be able to provide the learning and development you have requested.

In accordance with the regulation we have established the following lawful reasons for the processing of this data.

Necessary for the performance of a contract which you are a party to.

As an individual who has applied or considering applying for a role with the North Group

For Individuals who have applied or considering applying for a role with the North Group we may collect the following:

Name

Address

National Insurance number

Proof of identity

Email address

Contact details

Curriculum vitae

Details of criminal convictions and offences

Special category data

Details of ethnic origin

Details of disabilities

We need to collect this personal data from you to enable us to progress your application for a role with us and for us to meet our legal obligations under applicable employment, health and safety and financial services laws and regulations.

In accordance with the regulation we have established the following lawful reasons for the processing of this data.

In some instances you will have provided your consent to the collection and sharing of this information.

Necessary for the performance of a contract which you are a party to; or

Necessary for the compliance with a legal obligation to which the Group are subject; or

Necessary for the purposes of carrying out the obligations and exercising specific rights of the Group or yourself in the field of employment.

The processing of personal data relating to criminal convictions and offences is required to meet our regulatory obligations in respect of the employment of staff within a financial services organisation and is authorised by UK law.

We may also collect information from publicly available sources, such as Companies House, credit reference and fraud prevention agencies. We may combine this with information provided by you.

If you do not provide us with such personal data we may not be able to progress your application for a role with us.

2. Who do we share information about you with?

The sharing of personal data is required to support our business activities and to provide a service to you, along with ensuring that we meet any statutory or regulatory requirements.

Rather than provide you with a detailed list of the name of every recipient of personal data in this privacy notice, which could only ever be a snap shot in time, we have detailed below a list of the type of recipients we may share information about you with.

We do not share all the information for all individuals with every third party and the list is subject to constant review and change. We will also not disclose your personal data to a third party unless we are satisfied that we either have your consent or a lawful reason for doing so.

If required a full list of the names of all parties that we share information is available from our Data Protection Officer (See details above).

Employees and directors of North Group who need access to the personal data to perform their role within the group

Public bodies or law enforcement agencies who are concerned with anti- money laundering, anti-bribery, financial sanctions activity and disclosure and barring services

Third parties as required under the relevant Insolvency Act requirements

Corporate registrars who are legally required to hold certain company information

Credit reference agencies who provide credit and financial service checks

Reinsurers involved with the reinsurance of North Group business

Our corporate insurers if required under the terms of the policy placed with them

North Group auditors and internal auditors who provide the required auditing and support our financial reporting requirements

Professional advisors such as lawyers, arbitrators and actuaries, who provide support in dealing with our insurance business

Brokers, intermediaries, agents, surveyors and correspondents who may provide initial and on-going support with our insurance business

Our company bankers who make and receive payments on our behalf

Website and internet service providers who provide the required support and hosting of our internet and intranet services

Information Technology support companies who provide day to day maintenance and support for our IT and database services

Workflow management service providers via the internet who support the day to day allocation of tasks to the operational support teams

Recruitment agencies who we may deal with during the recruitment process

Printers and publishers who provide electronic and paper based solutions for company publications

Learning, development and training service providers for the provision of services of that type

Embassies who provide visa processing services for overseas travel or work abroad

Current or prospective North Group members or policyholders

International Group of Protection and Indemnity Clubs

Any company within North Group. For further information please click here

3. Where do we send information about you to?

North Group operates a number of branches and subsidiaries worldwide. We may transfer information we hold about you to one or more of these locations (overseas transfer) if required to fulfil the purposes set out above. We will only do this if one of the following conditions applies to the overseas transfer:-

it is necessary in order for us to perform a contract between you and us;

it is necessary in order for us to take measures to enter into a contract with you where you have requested us to do so;

it is necessary for us to establish, exercise or defend legal claims; or

If none of the conditions listed above apply, you have explicitly consented to the overseas transfer.

Unless you have specifically consented to the transfer, we will only transfer personal data outside the European Economic Area (EEA) where:-

We transfer the data to a country or international organisation which the EU Commission has decided ensures an adequate level of protection for your personal data;

the transfer of your personal data is subject to adequate safeguards, which may include binding corporate rules or standard data protection clauses adopted by the EU Commission; or

one of the derogations in the GDPR to transfer personal data outside the EEA applies.

4. How long do we store information about you for?

We are a regulated financial services entity and as such we are subject to prescribed retention periods in relation to personal data. We are also required to retain personal data to comply with limitation periods prescribed by law.

We operate a data retention policy for each jurisdiction in which we operate which sets out the specific periods we will hold information and when we need to destroy information that we no longer require for legal, regulatory or commercial reasons.

For the United Kingdom, generally our retention period will be up to six years. However, this may be longer in some instances, when for example dealing with a claim whereby we would need to hold the information for a period relevant to the time the claim is being handled.

For other jurisdictions we will be subject to the requirements of the relevant jurisdiction in question and this may not always mirror those of the United Kingdom.

Overall the criteria used to establish the period for which personal data will be stored is determined by regulatory or legal and requirements. This is also supported by a North Group Policy that such information must not be kept for any longer than necessary to fulfil the purposes for which it was collected.

5. What are your rights?

You have the following rights:

Right of access - request access to any personal data we hold about you;

Right of rectification - have any personal data which we hold about you which is inaccurate or incomplete rectified;

Right to be forgotten - have personal data erased in certain circumstances. This right does not apply, for example, where the processing is necessary (i) to comply with a legal obligation or (ii) for the establishment, exercise or defence of legal claims;

Right to restriction of processing - have the processing of your personal data restricted in certain circumstances. This right does not apply, for example, where we continue to use your personal data (i) for the establishment, exercise or defence of legal claims or (ii) to protect the rights of another;

Right of portability – To be provided with the personal data that you have supplied to us in a portable format that can be transmitted to another organisation without hindrance but in each case where (i) the processing is carried out by automated means and (ii) the processing is based on your consent or on the performance of a contract with you;

Right to object - object to certain types of processing, including processing based on legitimate interests, automated processing (which includes profiling) and processing for direct marketing purposes; and

Right to object to automated processing , including profiling - not be subject to a decision that is based solely on automated processing which produces a legal effect or which has a similar significant effect for you.

If you wish to exercise any of the rights set out above, you must make the request in writing to the Data Protection Officer (Details above). Please note some of these rights are restricted in some circumstances.

If you have provided your consent to any of the processing of your personal data, you have the right to withdraw your consent to that processing at any time, where relevant. Please contact the Data Protection Officer if you wish to do so.

If you object to processing based on legitimate interests, we must no longer process that personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or that the processing is required for the establishment, exercise or defence of legal claims.

6. For individuals located outside of the EU

Australia

The North Group is aware of and seeks at all times to comply with the Australian Privacy Principles (Apps) set out in the Privacy Act 1988 as amended by the Privacy Amendment (Enhancing Privacy Protections) Act 2012 (the Privacy Act) when managing and maintaining personal information in the course of its Australian business.

For the purposes of the Privacy Notice, “Personal Data” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in material form or not.

“Special Category Data” means information or an opinion about:

Racial or ethnic origin

Political opinions

Membership of political association

Religious beliefs or affiliations

Philosophical beliefs

Membership of a professional or a trade association

Membership of a trade union

Sexual orientation or practices

Criminal record that is also personal information

Health information about an individual

Genetic information about an individual that is not otherwise health information

Biometric information that is to be used for the purposes of automated biometric identification or verification, or

Biometric templates

If you have any specific questions regarding the manner in which North Group manages and maintains your Personal Information please contact us directly.

The North Group will only use and share the data we collect from you for the reasons described in “1. What information do we collect about you?” and “2. Who do we share information about you with?” We will not use your personal information for any other purpose without your consent, unless compelled to do so by an Australian Law, court or tribunal order, or enforcement body.

You may submit any questions or issues to the UK Data Protection Officer at DPO@nepia.co.uk who will come back to you within 15 days.

If we have not come back to you within 15 days or you are unhappy with the response you may submit a complaint to the Office of the Australian Information Commissioner at www.oaic.gov.au. The North Group will deal with the complaint in accordance with the requirements of the Privacy Act and the APPs.

New Zealand

The North Group seeks at all times to comply with the New Zealand Privacy Act 1993 and Privacy Principles.

For the purposes of the Privacy Notice, “Personal Data” and “Special Category Data” relate to any information about an identifiable individual.

If you are in New Zealand you may submit any questions or issues to the UK Data Protection Officer at DPO@nepia.co.uk who will come back to you within 30 days.

If we have not come back to you within 30 days or you are unhappy with the response you may submit a complaint to the Office of the Privacy Commissioner at www.privacy.org.nz

Singapore

For the purposes of the Privacy Notice, “Personal Data” and “Special Category Data” relates to data, whether true or not, about an individual (whether living or recently deceased) who can be identified:

From that data; or

From that data and other information to which the organisation has or is likely to have access.

If you are in Singapore you may submit any questions or issues to the UK Data Protection Officer at DPO@nepia.co.uk who will come back to you within 30 days.

If we have not come back to you within 30 days or you are unhappy with the response you may submit a complaint to the Personal Data Protection Commission at www.pdpc.gov.sg

Japan

For the purposes of the Privacy Notice, “Personal Data” is information about a living individual which can identify a specific individual by name, date of birth or other description contained in such information.

“Special Category Data” includes information about a person’s race, creed, social status, medical history, criminal record, any crimes a person has been a victim of, and any other information that might cause the person to be discriminated against.

If you are in Japan you may submit any questions or issues to the UK Data Protection Officer at DPO@nepia.co.uk who will come back to you within 30 days.

If we have not come back to you within 30 days or you are unhappy with the response you may submit a complaint to the Personal Information Protection Commission at www.ppc.go.jp

Hong Kong

For the purposes of the Privacy Notice, “Personal Data” and “Special Category” data is defined as:

Relating directly or indirectly to a living individual

From which it is practical for the identity of the individual to be directly or indirectly ascertained, and

In a form in which access to or processing of the data is practicable

Please note that the provision of such data is voluntary however the refusal to provide the data may limit North’s ability to provide the services requested.

If you are in Hong Kong you may submit any questions or issues to the UK Data Protection Officer at DPO@nepia.co.uk who will come back to you within 30 days.

If we have not come back to you within 30 days or you are unhappy with the response you may submit a complaint to The Office of the Privacy Commissioner for Personal Data at www.pcpd.org.hk

How do I make a complaint to a supervisory authority?

Any breach of the GDPR / DPA will be taken seriously and if you consider that the data protection principles have not been followed in respect of personal data about yourself or others you have the right to lodge a complaint with the relevant data protection supervisory authority.

Our data protection supervisory authority is the United Kingdom’s Information Commissioners Office. If you have any issues with our processing of your personal data and would like to make a complaint, you may contact the Information Commissioner's Office on 0303 123 1113 or at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.

If you are located in Ireland our data protection supervisory authority is the Office of the Data Protection Commissioner. If you have any issues with our processing of your personal data and would like to make a complaint, you may contact the Office of the Data Protection Commissioner, Canal House, Station Road, Portarlingtron, Co. Laois or at info@dataprotection.ie.

Cookie policy

A cookie is a small piece of data that websites store on your computer. We use cookies which are designed to improve your experience of our website and to help us evaluate the performance of our site in order to provide you with a better user experience.

We use two types of cookies on our website:

1. Session Cookies

We use two types of session cookies on our website. One is automatically added to your computer when you access our website and is used to store anonymous information about your activities during your visit. For example, when you filter by department on the Meet the Team page of this site, the cookie remembers your choice so it can be restored automatically if you leave the page and return to it later during your session. This cookie stays on your computer for the duration of your visit and is automatically erased when you close your browser.

The second session cookie that we use is added to your computer when you adjust the text size of the website. The cookie remembers your chosen text size for future visits so you do not need to change it manually every time. The cookie remains on your computer for 12 months and is automatically deleted after this period.

2. Persistent Cookies

Persistent cookies remember who you are and remain on your computer between sessions allowing us to recognise you when you return to the site. We use Google Analytics to evaluate the performance of our site and to compile reports which help us to make improvements to the site, e.g. most popular pages visited. Google Analytics works by placing a number of persistent cookies on your computer which enable it to gather anonymous browser data about your visits to our website. For further information on these cookies please visit https://policies.google.com/privacy